Securing Trustworthy & Resilient Chips

PORTLAND, Ore. — Nine universities, from a field of more than 50 applicants, have been chosen to receive $4 million over three years to develop Secure, Trustworthy, Assured, and Resilient Semiconductors and Systems. The STARSS program is supported by the National Science Foundation (NSF) and the Semiconductor Research Corporation (SRC) as well as SRC member companies Intel, Freescale, and Mentor Graphics.

The STARSS program is part of a $75 million cyber security effort by the NSF, but is unique in that it is aimed at making the chips themselves -- especially processors -- immune from being exploited by hackers who take advantage of hidden Trojan horses and backdoors that are intentionally or unintentionally inserted into chips by intellectual property (IP) often from foreign sources. The effort will also make it easier to spot counterfeit chips, chips having been tampered with somewhere along the supply chain, and used chips being passed off as new.

"NFS and SRC are initially funding nine projects [listed below] with $4 million in a multi-phase project that will likely spend $10 million over several years," Keith Marzullo, division director of NSF’s Computer and Network Systems Division, which leads the NSF/SRC partnership on STARSS, told EE Times. "And STARSS is part of a larger effort -- the Secure and Trustworthy Cyberspace (SaTC) project -- which will be spending $45 million the first year and as much as $75 million over the next few years."

Since securing chips from hackers is a mostly unplowed field, the first call generated a lot of proposals that had to be carefully weeded out by the NSF and SRC committee review process.

"We are going to be doing a lot of blue sky work at first," Celia Merzbacher, SRC vice president for Innovative Partnerships, told us. "But we want to concentrate right now on counterfeit detection, assurance, looking for Trojans, and verification of the security of chips."

STARSS is also a part of SRC’s Trustworthy and Secure Semiconductors and Systems (T3S) program.

"STARSS will be a cornerstone to our T3S effort at designing-in security and assurance right from the beginning of the process," says Merzvbacher. "We want to design in resistance and resilience to both attacks and tampering."

Most of the concentration will be on hardware issues, but since software has become such an integral part of most processors, that issue will also be addressed, particularly at the interfaces between subsystems, which are often vulnerable because they are controlled by software.

"We are mostly doing hardware, but software has to be considered too, when it comes to security and trustworthiness. At a recent workshop, over and over the issue of interfaces between hardware and software was brought up as especially vulnerable, along with authentication along the supply chain," says Merzbacher.

If you think you have a better idea, or one that fills in a hole left by the programs above, the NSF is currently sponsoring a second round of funded projects. Just fill out the paperwork for its Secure and Trustworthy Cyberspace (SaTC) program today.

Yes couterfeit chips are not necessarily malicious--sometime just outdated and being passed off as new--but reprogrammable chips is a big hurdle to surmount. However, SRC believes it is possible without adding too much overhead and the researdhers already have explored dozens of techniques for doing it. Now its a question of which will really work!

I see two very different issues that must be addressed: A/ detecting counterfeit chips and B/ preventing existing chips from being hacked and altered. Both of these issues are more difficult to address when chips are intentionally designed to be reprogrammed (upgraded). Hardwired chips can be subjected to tests to see whether they conform to the intended design and internal data. Reprogrammable chips are more difficult to test for authenticity (and a valid / suitable software load).

We need to search for counterfeits and Trojans today because we frankly don't know where our semiconductors are coming from. This is a result of the large number of brokers, distributors, and sometimes byzantine manufacturing steps in modern semiconductors.

Research like this is needed to be sure, but we should always be mindful of where money is best spent: in hardware based research (things like fault injection, of course, address different security problems altogether), or in adding traceability and chain-of-custody tracking and verification in our supply chains.